wgu-opensource · JohnKallies · Jan 26, 2023 · Jan 25, 2023 · Jan 25, 2023
diff --git a/README.md b/README.md
@@ -202,19 +202,17 @@ OSMT optionally supports role-based access, with these roles:
 Role-based access is disabled by default for the Angular UI and Spring REST API. Use these steps to enable roles.
 
 #### Configuration in OSMT Code
-Angular UI: In [`auth-roles.ts`](ui/src/app/auth/auth-roles.ts) file, configure these values:
+By default, OSMT is configured with roles enabled. If you want to disable roles in OSMT, apply these changes:
+
+In Angular UI: In [`auth-roles.ts`](ui/src/app/auth/auth-roles.ts) file, configure these values:
 ```
-export const ENABLE_ROLES = true
+export const ENABLE_ROLES = false
 ```
 
-Spring REST API: In [`application.properties`](api/src/main/resources/config/application.properties) file, configure these values:
+In Spring REST API: In [`application.properties`](api/src/main/resources/config/application.properties) file, configure these values:
 ```
 # Roles settings
-app.enableRoles=true
-osmt.security.role.admin=ROLE_Osmt_Admin
-osmt.security.role.curator=ROLE_Osmt_Curator
-osmt.security.role.view=ROLE_Osmt_View
-osmt.security.scope.read=SCOPE_osmt.read
+app.enableRoles=false
 ```
 * NOTE: if app.enableRoles=false, all authenticated endpoints will be accessible by any authenticated user.
 * You can use these role values, or you can provide your own based on your own authorization tooling. For Okta, you will need to use the uppercase `ROLE_` prefix on your role.

diff --git a/api/src/main/resources/config/application.properties b/api/src/main/resources/config/application.properties
@@ -89,8 +89,8 @@ app.allowPublicLists=true
 log4j2.formatMsgNoLookups=true
 
 # Roles settings
-app.enableRoles=false
-#osmt.security.role.admin=ROLE_Osmt_Admin
-#osmt.security.role.curator=ROLE_Osmt_Curator
-#osmt.security.role.view=ROLE_Osmt_View
-#osmt.security.scope.read=SCOPE_osmt.read
+app.enableRoles=true
+osmt.security.role.admin=ROLE_Osmt_Admin
+osmt.security.role.curator=ROLE_Osmt_Curator
+osmt.security.role.view=ROLE_Osmt_View
+osmt.security.scope.read=SCOPE_osmt.read
diff --git a/ui/src/app/auth/auth-roles.ts b/ui/src/app/auth/auth-roles.ts
@@ -1,7 +1,7 @@
 export const OSMT_ADMIN = "ROLE_Osmt_Admin"
 export const OSMT_CURATOR = "ROLE_Osmt_Curator"
 
-export const ENABLE_ROLES = false
+export const ENABLE_ROLES = true
 
 export enum ButtonAction {
   SkillUpdate,

diff --git a/ui/src/app/auth/auth.guard.spec.ts b/ui/src/app/auth/auth.guard.spec.ts
@@ -43,11 +43,11 @@ describe("AuthGuard", () => {
     expect(authGuard.canActivate(routeMock, stateMock)).toEqual(false)
   })
 
-  it("should return true even without appropriate roles because ENABLE_ROLES is false for OS OSMT UI", () => {
+  it("should return false because ENABLE_ROLES is set to true for OS OSMT UI", () => {
     // Arrange
     AuthServiceData.hasRoleFlag = false
     // Act and Assert
-    expect(authGuard.canActivate(routeMock, stateMock)).toEqual(true)
+    expect(authGuard.canActivate(routeMock, stateMock)).toEqual(false)
   })
 
   it("should return true with undefined route.data.roles", () => {

diff --git a/ui/src/app/collection/detail/manage-collection.component.spec.ts b/ui/src/app/collection/detail/manage-collection.component.spec.ts
@@ -281,7 +281,7 @@ describe("ManageCollectionComponent", () => {
 
       // Assert
       expect(actions).toBeTruthy()
-      expect(actions.length).toEqual(5)
+      expect(actions.length).toEqual(6)
 
       let action = actions[0]
       expect(action.label).toEqual("Add RSDs to This Collection")
@@ -321,6 +321,7 @@ describe("ManageCollectionComponent", () => {
   })
 
   it("delete collection should not be visible", () => {
+    const spy = spyOnProperty(Auth, "ENABLE_ROLES").and.returnValue(false)
     const actions = component.actionDefinitions()
     const action = actions[5]
     expect(action).toBeUndefined()